#29989: Add a flag to set chosen_exit_optional to false for MapAddress torrc option (and controller?) -------------------------------------------------+------------------------- Reporter: babyfarkmcgeezaxxon | Owner: (none) Type: enhancement | Status: new Priority: Medium | Milestone: Tor: | unspecified Component: Core Tor/Tor | Version: Tor: | 0.3.5.8 Severity: Normal | Resolution: Keywords: security-low?, tor-client, tor-exit | Actual Points: Parent ID: | Points: 1 Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by babyfarkmcgeezaxxon): >Does 719FD0FA327F3CCBCDA0D4EA74C15EA110338942 allow exiting to ayefiles.com? Good question. So here's what I did. I set my torrc back to the default value, with no restrictions, and then visited https://ayefiles.com/. I rotated through three different exit nodes as observed in the "Tor Circuit" window using Ctrl+L. The exit nodes were: {{{ 46.249.59.212 95.216.153.67 217.79.179.177 }}} Using the official table of exit nodes @ https://torstatus.blutmagie.de/ I then filled in the fingerprints of these nodes. (They indeed were listed in that table as valid exit nodes.) {{{ 46.249.59.212 has fingerprint 221C2A3FBAEDBE8E91E13D367BFF649A8584F3DC 95.216.153.67 has fingerprint 23C654A4C4102B0634B000FA9BF1EB5193ED8E17 217.79.179.177 has fingerprint 3E53D3979DB07EFD736661C934A1DED14127B684 }}} Now, the rabbithole gets deeper, and scarier. Using these fingerprints, the fingerprints of nodes that only seconds before I'd seen in the circuit to https://ayefiles.com/ , I modified my torrc to contain the following: {{{ MapAddress ayefiles.com ayefiles.com.221C2A3FBAEDBE8E91E13D367BFF649A8584F3DC.exit MapAddress duckduckgo.com duckduckgo.com.221C2A3FBAEDBE8E91E13D367BFF649A8584F3DC.exit }}} When I restarted Tor, **I couldn't connect to either** https://duckduckgo.com/ or https://ayefiles.com/. **That holds true for all three IPs/fingerprints! ** By can't connect, it's not hanging but giving me a screen blank except for a message, "Unable to connect. Firefox can’t establish a connection to the server at duckduckgo.com." Then it lists a few bullet items to check like my network being down. So let's recap what I saw: * If I set a random, specific exit node via MapAddress, it works for duckduckgo, but ayefiles ignores it selecting another exit node * if I apply one of the exit nodes I saw ayefiles use under the default torrc operation, TOR refuses to use it to connect to either duckduckgo or ayefiles! Very strange indeed! What's going on here? ayefiles uses certain specific exit nodes that then cannot be used for other websites and can't even be manually navigated to? That is, they can only be used as exit nodes if ayefiles chooses them and not if I choose them? WTF? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29989#comment:2> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs